In Russia, a fraudulent mailing list was created to impersonate the well-known fashion house Gucci, inviting recipients to visit a counterfeit site and download a malicious file. This incident was reported by experts from Fight Against Cybercrime Technologies FAC.CT in a Telegram channel.
FAC.CT’s automated email protection system, Business Email Protection, detected the scam email. The attackers employed a widely used spoofing tactic to disguise the sender address.
During analysis, the Monitoring and Response Center found that the mailing list courted recipients with an invitation to explore Gucci’s 2023–2024 fall–winter collection. In reality, the link points to a harmful site where an archive containing the malware is downloaded.
The site operates under the recently registered gucci-moscow domain, which on its homepage offers a download of a catalog of branded clothing.
In May, Yaroslav Kargalev, head of the Security Operations Center at FAC.CT, noted that new domains such as .zip and .mov are likely to be used by cybercriminals to create convincing phishing links over time. This warning followed continued observations of evolving domain strategies in cyber fraud campaigns.